Which versions of pytkit are malicious?

The following PyPI versions of pytkit are flagged malicious: 0.0.1. Treat any of these as compromised.

How do I remediate pytkit if I installed it?

pytkit is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed pytkit — how do I know if it already compromised me?

If pytkit was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is pytkit part of a known attack campaign?

Yes — pytkit is associated with the RLMA-2024-11141, 2024-08-embeds-RealtekHDAudioManager, RLUA-2026-00670 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find pytkit across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pytkit (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pytkit across your stack and pipelines.

Malicious package

pytkitPyPI

Malicious code in pytkit (PyPI) Remove it immediately and rotate any exposed credentials.

MAL-2024-11684

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

pip uninstall pytkit

What this malware does

Importing a module starts downloading and executing an infostealer, widely identified by AV/sandboxes.

Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers.

Campaign: 2024-08-embeds-RealtekHDAudioManager

Reasons (based on the campaign):

infostealer
Downloads and executes a remote executable.

Malicious versions

1 flagged

0.0.1

Indicators of compromise (SHA-256)

9df42620af41016efc026435085291d44d6b5f9708861a94714cfbf6f300da75

c2dbb9871dbd4c7f95286b355f5345fccc6133e8ec986afb552988925c6944e6

9a84a25f2ecd00da29cb51692121d6ab49559ebdee41aff7ab463020612c5167

b9c930f8c2da13f25434c7751cd83f7aed8d71f21e7d4d056e0d8f03e25e7dc0

eefa6f8f8a3e238401251d1129465d1013857e8adf401e77912b5cfa7fd53f09

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for pytkit (version 0.0.1). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging pytkit across your stack and pipelines.
If you installed it — respond
pytkit is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If pytkit was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks pytkit before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. pytkit on PyPI has been identified as a malicious package (version 0.0.1 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

RLMA-2024-111412024-08-embeds-RealtekHDAudioManagerRLUA-2026-00670

References

Credits

Kamil Mańkowski (kam193)
ReversingLabs · finder

Detect & block this

O3 blocks pytkit-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring